Compare commits
4 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
|
30be967887 | ||
|
|
2b8d0b3f43 | ||
|
|
07b15c8e01 | ||
|
|
65cc0c7b6d |
@@ -19,14 +19,38 @@ log.info("Database tables verified.")
|
|||||||
app = FastAPI(title="TFM aInventory API", version="1.1.0")
|
app = FastAPI(title="TFM aInventory API", version="1.1.0")
|
||||||
log.info("TFM aInventory API process started.")
|
log.info("TFM aInventory API process started.")
|
||||||
|
|
||||||
# [SECURITY FIX M-01] CORS: allow_origins=["*"] + allow_credentials=True is invalid per spec.
|
# [SECURITY FIX M-01] CORS Configuration
|
||||||
# Allowed origins are configured via ALLOWED_ORIGINS environment variable (comma-separated).
|
# We dynamically build allowed origins from environment variables to simplify deployment.
|
||||||
# Secure fallback: localhost only for development.
|
_raw_origins = os.environ.get("ALLOWED_ORIGINS", "")
|
||||||
_raw_origins = os.environ.get(
|
|
||||||
"ALLOWED_ORIGINS",
|
|
||||||
"http://localhost:8907,https://localhost:8909"
|
|
||||||
)
|
|
||||||
ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()]
|
ALLOWED_ORIGINS = [o.strip() for o in _raw_origins.split(",") if o.strip()]
|
||||||
|
|
||||||
|
# Automatically add origins based on network_config.env variables if present
|
||||||
|
server_ip = os.environ.get("SERVER_IP")
|
||||||
|
front_port = os.environ.get("FRONTEND_PORT", "8907")
|
||||||
|
front_ssl_port = os.environ.get("FRONTEND_SSL_PORT", "8909")
|
||||||
|
back_ssl_port = os.environ.get("BACKEND_SSL_PORT", "8908")
|
||||||
|
|
||||||
|
# Always allow localhost
|
||||||
|
defaults = [
|
||||||
|
f"http://localhost:{front_port}",
|
||||||
|
f"https://localhost:{front_ssl_port}",
|
||||||
|
f"https://localhost:{back_ssl_port}",
|
||||||
|
]
|
||||||
|
for d in defaults:
|
||||||
|
if d not in ALLOWED_ORIGINS:
|
||||||
|
ALLOWED_ORIGINS.append(d)
|
||||||
|
|
||||||
|
# Add IP-based origins if SERVER_IP is set
|
||||||
|
if server_ip and server_ip != "localhost":
|
||||||
|
ip_origins = [
|
||||||
|
f"http://{server_ip}:{front_port}",
|
||||||
|
f"https://{server_ip}:{front_ssl_port}",
|
||||||
|
f"https://{server_ip}:{back_ssl_port}",
|
||||||
|
]
|
||||||
|
for ip_o in ip_origins:
|
||||||
|
if ip_o not in ALLOWED_ORIGINS:
|
||||||
|
ALLOWED_ORIGINS.append(ip_o)
|
||||||
|
|
||||||
log.info(f"CORS allowed origins: {ALLOWED_ORIGINS}")
|
log.info(f"CORS allowed origins: {ALLOWED_ORIGINS}")
|
||||||
|
|
||||||
# Add CORS middleware FIRST (before rate limiter)
|
# Add CORS middleware FIRST (before rate limiter)
|
||||||
|
|||||||
@@ -16,7 +16,6 @@ services:
|
|||||||
environment:
|
environment:
|
||||||
- DATA_DIR=/app/data
|
- DATA_DIR=/app/data
|
||||||
- LOGS_DIR=/app/logs
|
- LOGS_DIR=/app/logs
|
||||||
- ALLOWED_ORIGINS=http://localhost:${FRONTEND_PORT:-3001},https://localhost:${FRONTEND_SSL_PORT:-3003},http://${SERVER_IP:-localhost}:${FRONTEND_PORT:-3001},https://${SERVER_IP:-localhost}:${FRONTEND_SSL_PORT:-3003},https://localhost:${BACKEND_SSL_PORT:-3002},https://${SERVER_IP:-localhost}:${BACKEND_SSL_PORT:-3002}
|
|
||||||
# [C-01] JWT secret key — GENERATE A SECURE VALUE FOR PRODUCTION!
|
# [C-01] JWT secret key — GENERATE A SECURE VALUE FOR PRODUCTION!
|
||||||
- JWT_SECRET_KEY=${JWT_SECRET_KEY:-change_me_in_production}
|
- JWT_SECRET_KEY=${JWT_SECRET_KEY:-change_me_in_production}
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
|
|||||||
@@ -29,6 +29,7 @@ cp install_service.sh "$PROD_DIR/"
|
|||||||
cp inventory.service.template "$PROD_DIR/"
|
cp inventory.service.template "$PROD_DIR/"
|
||||||
cp USER_GUIDE.md "$PROD_DIR/"
|
cp USER_GUIDE.md "$PROD_DIR/"
|
||||||
cp README.md "$PROD_DIR/INSTALLATION_GUIDE.md"
|
cp README.md "$PROD_DIR/INSTALLATION_GUIDE.md"
|
||||||
|
cp .env "$PROD_DIR/"
|
||||||
cp .git_path "$PROD_DIR/" 2>/dev/null || true
|
cp .git_path "$PROD_DIR/" 2>/dev/null || true
|
||||||
cp frontend/VERSION.json "$PROD_DIR/"
|
cp frontend/VERSION.json "$PROD_DIR/"
|
||||||
cp frontend/VERSION.json "$PROD_DIR/frontend/"
|
cp frontend/VERSION.json "$PROD_DIR/frontend/"
|
||||||
|
|||||||
@@ -1,5 +1 @@
|
|||||||
{
|
{"version": "1.9.3", "last_build": "2026-04-13-2112", "codename": "PortFix", "commit": "2b8d0b3f"}
|
||||||
"version": "1.8.9",
|
|
||||||
"last_build": "2026-04-13-1954",
|
|
||||||
"codename": "TypeFix"
|
|
||||||
}
|
|
||||||
|
|||||||
@@ -53,8 +53,15 @@ def main():
|
|||||||
data['version'] = new_version
|
data['version'] = new_version
|
||||||
data['last_build'] = datetime.now().strftime("%Y-%m-%d-%H%M")
|
data['last_build'] = datetime.now().strftime("%Y-%m-%d-%H%M")
|
||||||
|
|
||||||
|
# Get current git commit (short)
|
||||||
|
try:
|
||||||
|
commit_hash = run_command([git, 'rev-parse', '--short', 'HEAD'])
|
||||||
|
data['commit'] = commit_hash
|
||||||
|
except Exception:
|
||||||
|
data['commit'] = 'unknown'
|
||||||
|
|
||||||
# Optional: Rotate changelog if needed, but for now just update version
|
# Optional: Rotate changelog if needed, but for now just update version
|
||||||
print(f"Incrementing version: {old_version} -> {new_version}")
|
print(f"Incrementing version: {old_version} -> {new_version} (commit: {data['commit']})")
|
||||||
|
|
||||||
with open(VERSION_FILE, 'w') as f:
|
with open(VERSION_FILE, 'w') as f:
|
||||||
json.dump(data, f, indent=2)
|
json.dump(data, f, indent=2)
|
||||||
|
|||||||
Reference in New Issue
Block a user